Cybersecurity on DNA sequencing tools failed to protect data

A recent study form the University of Washington found that security measures on patient's genetic tests are poorly maintained. The unprotected DNA information poses an additional threat because it can be encrypted with malicious code and harm the computer.

The improvement of DNA sequencing has increased the amount of genetic testing information, but security practices continue to fail to keep this information safe. Findings are set to be presented at the 26th USENIX Security Symposium.

"We don't want to alarm people or make patients worry about genetic testing, which can yield incredibly valuable information," said co-author Luis Ceze, associate professor at the University of Washington. "We do want to give people a heads up that as these molecular and electronic worlds get closer together, there are potential interactions that we haven't really had to contemplate before."

The study explained that when a DNA strand is processed, a malicious exploit can take control of the computer running the system. To protect the system, researchers compiled a list of recommendations which included following best practices for secure software, using adversarial thinking when applying processes, monitoring who controls DNA samples, verifying DNA samples before they are processed and developing methods to detect malicious executable code in DNA.

"There is some really low-hanging fruit out there that people could address just by running standard software analysis tools that will point out security problems and recommend fixes," said co-author Karl Koscher, a research scientist in the UW Security and Privacy Lab. "There are certain functions that are known to be risky to use, and there are ways to rewrite your programs to avoid using them. That would be a good initial step."